Static Scan Results
scanned 13h ago · by rust-scannerStatic analysis flagged 3 finding(s) at 72.0% confidence. This version is warn-only unless an AI or security-team review confirms malicious behavior.
Static reason
One or more suspicious static signals were detected.
Decision evidence
public snapshotBehavioral surface
EnvironmentVars
NoLicense
Source & flagged code
1 flagged · loading sourcedist/src/index.jsView file
29});
L30: import { lookup as dnsLookup } from "dns/promises";
L31: import { isIP } from "net";
...
L61: if (a === 10 || a === 172 && b >= 16 && b <= 31 || a === 192 && b === 168) {
L62: return "RFC1918/private addresses are not allowed";
L63: }
...
L74: }
L75: function resolveNotifyAllowHttpLocalhost(raw = process.env[NOTIFY_LOCALHOST_HTTP_OPT_IN_ENV]) {
L76: return typeof raw === "string" && TRUE_LIKE[raw.trim().toLowerCase()] === true;
...
L139: try {
L140: const parsed = await Bun.file(path).json();
L141: return {
High
Cloud Metadata Access
Source reaches cloud instance metadata or link-local credential endpoints.
dist/src/index.jsView on unpkg · L29Findings
1 High1 Medium1 Low
HighCloud Metadata Accessdist/src/index.js
MediumEnvironment Vars
LowNo License